navvi-login
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill interacts with untrusted external websites to perform login automation, which introduces a surface for indirect prompt injection. Malicious instructions placed on a third-party login page could attempt to hijack the agent's session or influence its behavior. \n
- Ingestion points: Web page content, selectors, and screenshots processed by
navvi_login,navvi_find, andnavvi_screenshot. \n - Boundary markers: Absent. There are no instructions to the agent to treat page content as untrusted data or to ignore embedded commands. \n
- Capability inventory: The skill can perform form filling (
navvi_fill), clicking (navvi_click), and event recording (navvi_milestone). \n - Sanitization: No explicit content sanitization or validation of the remote web content is performed before processing. \n- [DATA_EXFILTRATION]: The
navvi_milestonetool records event data, including session URLs, descriptions, and screenshots, to a persona management system. While this is a core feature of the Navvi platform for session tracking, it involves transmitting local session metadata to the tool's backend services.
Audit Metadata